BCU Financial Privacy Policy

Buduchnist Credit Union Limited, carrying on business as BCU Financial (“BCU Financial”), and its affiliates, including the BCU Wealth Management division, has always respected the rights of its members to privacy and your right to control the collection, use and disclosure of your personal information.

BCU Financial is committed to protecting your personal information and your privacy in accordance with the Personal Information Protection and Electronic Documents Act (“PIPEDA”). To ensure the highest standards of privacy, BCU Financial has adopted the Credit Union Code for the Protection of Personal Information (“Code”), has implemented related policies and procedures and appointed a Privacy Officer (contact information found below).

This Privacy Policy applies to the personal information BCU Financial collects, uses, and shares in the course of conducting its business activities and providing services to its members (including online). By providing BCU Financial with your personal information, you consent to its collection, use and disclosure in accordance with this Privacy Policy and additional privacy policies and procedures implemented from time to time.

How BCU Financial Collects, Uses and Shares your Personal Information

The information we collect from you depends on the nature of the services provided to you. When you apply for or open an account with BCU Financial, and throughout the course of your relationship with us, we may collect, use and share personal information that you provide us, or we obtain about you (including from third-parties). Personal information is information about an identifiable individual. It is information that identifies you or could be combined by us or our service providers and affiliates with other information to identify you.

Generally, we use your personal information to verify your identity, communicate with you, prevent fraud, secure and administer your account(s), meet legal and regulatory requirements, and offer you additional products and services.

What Personal Information Do We Collect, Use and Share?

Examples of the types of personal information we collect, use and share include:

• Contact Information, which we use to communicate with you and includes: your personal e-mail address, your home address, your home telephone number, your personal cellphone number.
• Identity Information, which we use to verify your identity, prevent fraud and for tax reporting purposes and includes: your date of birth, driver’s license, Social insurance number, passport, proof of residence, employment history.
• Financial Information, which we collect to determine your eligibility for products and services, and includes: credit history, credit bureau reports, income, assets, liabilities, transaction and account history.
• Health Information, which we may collect from you to determine your eligibility for optional insurance and related services.

Personal information may also include details as to whether you have opened our promotional e-mails or how you have used our websites, if we can associate that information with you. If you are a business customer or prospective business customer, personal information does not include your title, business address and business telephone number when we use that information to contact you in your business capacity.

We may also collect personal information about other individuals, including for example the names and contact information of your dependents, next of kin, guarantors, beneficiaries or your spouse.

Your personal information may be shared with third-parties who assist us in providing services to you, including for example third-parties which provide credit insurance services or products. In such cases, you consent to the disclosure and exchange of your personal information to these third-parties.

When you visit our branches, or access our ATMs, your presence may be recorded by video and audio surveillance equipment. We implement surveillance practices at our premises to ensure our employees’ and members’ safety, and to prevent fraud and other illegal activities.

From time to time, we may also record our telephone communications and keep records of electronic communications we have with you. These practices are implemented to establish a record of information provided to you by us, or by you to us, and to ensure the quality of our products and services.

When you visit our websites, we may collect electronic information which can be associated with you, including for example your IP address(es), your account preferences,  browser type and computer’s operating system. We use this information for a number of technical purposes and to ensure that our pages load correctly in your browser, provide offers to you, and to improve our websites.

You are urged to read this Privacy Statement, in its entirety, along with your account and service agreements, which provide additional information about how we use, collect and disclose your personal information.

Summary of the Principles we have Adopted from the Code to Protect Your Personal Information.

We are committed to ensuring compliance with PIPEDA and to provide you with a banking experience in which your privacy rights are secured. We believe you should be in control over how your personal information is collected, used and disclosed. Accordingly, our privacy practices are determined in accordance with the following Ten Principals:

      1. Accountability

We have designated a Privacy Officer who is accountable for our privacy governance including compliance with PIPEDA and the principles of the Code.

2. Identifying Purposes

Before or at the time we ask you for personal information, we will identify the purposes for which it will be used or disclosed. Your personal information will never be sold to third-parties. The purposes are further identified in BCU Financial’s Member service Agreement and include:

• To understand your needs and to develop, offer and manage products and services that meet those needs;
• To determine the suitability and your eligibility for member products and services;
• To evaluate your credit standing and to share or exchange reports and information with credit reporting agencies;
• To detect and prevent fraud, and to help safeguard the financial interests of the Credit Union and its members; and
• To meet legal and regulatory requirements.

3. Consent

You are in control of your personal information. BCU Financial will not collect, use or share your personal information without  your knowledge and consent (except in specific and limited circumstances, as may be required by law). Your consent can be expressed or implied. Express consent can be verbal or written.

An example of express consent is, when you sign an acknowledgment on a credit application thereby providing your explicit written consent for us to use your personal information to obtain a credit report on your behalf. An example of implied consent is, when you are provided with a BCU Financial Member Card with attached conditions, and you use the card, thereby providing your implied consent to the conditions. You may withdraw your consent at any time. However, if you decide to withdraw or refuse your consent, our ability to communicate may be impacted and we may not be able to: (1) properly service your account, (2) provide our products or services, or (3) establish and/or maintain an on-going business relationship with you.

4. Limiting Collection

The collection of personal information is limited to that which is needed for the purposes we’ve identified to you, and the services or products you have selected.  The information we collect is only collected by fair and lawful means.

5. Limiting Use, Disclosure and Retention

We will only use or disclose your personal information with your consent (or as required by law). Unless you provide additional consents, your personal information will not be used for other purposes. We will only retain your information for as long as necessary to fulfill the identified purpos(es), or in accordance with legal, contractual or regulatory requirements. We may be required to retain you personal information even after your relationship with us has ended. We will dispose of all personal information when it is no longer needed, or as required, in a secure manner. You acknowledge that we may use third-parties to provide services for us, or to assist us in providing services to you, which operate outside Canada. Your personal information may be shared with these third-parties and used, stored or accessed in another country, where it will be subject to the laws of that jurisdiction. However, under no circumstances will BCU Financial sell  or lease your personal information to any third-parties,  and we will not  share your personal information with third-parties for marketing or other purposes which are unrelated to the products and services we offer to our members.

6. Accuracy

We endeavour to keep your personal information accurate, complete and up-to-date. In order to achieve this, we request that members notify us of any changes, for example: a new address of telephone number. If you believe any personal information we have collected about you is incorrect, you may request that we review your personal information and revise any errors.

7. Safeguards

We take administrative, technical and physical measures to safeguard your personal information (in physical and electronic forms) against unauthorized access, unauthorized disclosure, theft and misuse. This includes limiting access of employees, and restricting the use of your personal information through the use of passwords and graduated levels of clearance. We regularly train our employees on the importance of maintaining confidentiality and securing member personal information. We do not publish all of our security measures online because this may reduce their effectiveness.

8. Openness

We will make specific, understandable information readily available to you about our personal information policies and procedures. This information may be available in brochures, by telephone, email or on our websites. Specific requests for more information about our privacy related initiatives and personal information handling practices may be made to our Privacy Officer (contact information below).

9. Individual Access

When you request more information, or access to your personal information, we will provide you with  access to the existence, use and disclosure of your information. You are entitled to question its accuracy and completeness, and its uses, and have it amended as required. We will do our best to respond to all access requests within 30 days. However in some limited cases we will need more time, in which case reasons for delay will be communicated to you. To access your personal information please contact our Privacy Officer.

10. Challenging Compliance

You are entitled to question our compliance with any of these privacy principles, or PIPEDA at any time. All complaints will be investigated, and any appropriate measures will be taken to address substantiated complaints and improve information handling practices, policies and procedures, if deficiencies are found. We will notify you of the outcome our investigation into your complaint, and of any steps we take to correct any inaccurate personal information relating to you.

Online Privacy Measures

Online Banking Security

Through BCU Link, BCU Financial provides is members with online banking services which are accessible over the internet. If you choose to register for a BCU Link account, you will be able to access our services from the comfort of your home, or anywhere else that is convenient for you. However when you communicate over the internet, your communications and your devices may be vulnerable to other people, software or viruses which can compromise your security.

Accordingly, be sure to never share your passwords with others, or leave your devices unattended before logging out of your BCU Link account. Install anti-virus programs and regularly update them. Also be sure to regularly update your operating systems and browsers with the latest security patches.

To protect you, BCU Link is secured through encryption, by a 128-bit SSL (Secure Socket Layer) channel. This is the strongest encryption channel available. In addition, BCU Financial has implemented multiple layers of internal and external security measures to secure its online environments. We regularly review our online security practices to ensure our banking services remain secure and accessible to you, and your personal information is protected.

Although we take precautions against possible breaches of our security systems, no organization can fully eliminate the risks of unauthorized access to your personal information and no website is completely secure. We cannot guarantee that unauthorized access, hacking, data loss or breaches of our security systems will never occur.

Information Collected On Our Public Websites

You can visit all public areas of our websites without providing any personal information about yourself.  Our websites collect only non-personal information based on a visitor’s Internet Protocol (IP) address (this is not personally identifiable).  Information collected includes the date and time of visit, the type of Internet browser used to access the site, the referring address (the link a visitor uses to access the site).  This data is used to create statistics on site usage and improve online services.

Cookies

Our websites may use small pixel files (small images) and session cookies (small text files) to keep track of your browser while you visit our websites. This helps us manage our websites and provide you with a positive online experience.  Session cookies help us facilitate ongoing access to and use of our websites. There are simple procedures in most browsers that allow you to automatically decline, or to be given the choice of declining or accepting the transfer of particular cookies to your computer. You should note, however, that declining cookies may impact your access and use of our websites.

Links to Third-Party Websites and Social Network Plug-Ins

You may be able to access third-party websites through links available on our websites. You may also connect to social networks such as Facebook, Instagram, Twitter, YouTube or others. These links are provided for your convenience. We do not have any control over those third-party websites and we do not provide any guarantee that the privacy practices of the hosts of those websites meet our standards. Your use of such third-party websites is at your own risk and will be governed by the privacy policies of those websites and not by this Privacy Policy. Do not transmit personal information using those websites without reading the privacy policies governing those websites.

Storage Outside of Canada

Your personal information may be used or stored by us or our service providers outside of Canada including for example in the United States. We require that our service providers  safeguard your personal information. However, if your personal information is used or stored outside of Canada, it will also be subject to the laws of the country in which it is used or stored.

Visitors to our Websites from Outside of Canada

BCU Financial does not have any operations outside of Canada.  The subject matter and terms of this Privacy Policy, and the content contained on our websites are intended for visitors who access our websites from Canada.

However, for those members who may be residents of Europe and who may access our online services or visit our websites from Europe, we are committed to demonstrating transparency over how we handle their personal data in accordance with the requirements of the European Union’s General Data Protection Regulation (2017) (“GDPR”).

For more information about BCU’s GDPR initiatives, contact our Privacy Officer (contact information found below).

Your Privacy Preferences

Withdrawing Consent and Opting-Out

You may choose to withdraw your consent or opt-out from receiving marketing or promotional electronic messages from us, at any time, by clicking through the unsubscribe links included in such messages.

You may also contact us in writing to withdraw your consent to receiving marketing or promotional electronic messages from us, or to the use and disclosure of your personal information for any purpose set out in this Privacy Policy, subject to legal and contractual restrictions (contact information found below).

Requests related to marketing and promotional activities, will be processed no later than ten (10) days of any such request. For all other requests, we will process them as is reasonably practicable.

Please note that even if you have withdrawn your consent, or opted-out from receiving marketing or promotional materials from us, we may still contact you from time to time, as may be required or permissible by law.

Questions, Access, Correction and Deletion of Your Personal Information

You have the right to access, update, correct inaccuracies and delete your personal information in our custody and control, subject to certain exception prescribed by law. If you have questions or concerns about the personal information we have collected about you and would like assistance in accessing, updating, correcting and deleting that information, please contact us at:

BCU Financial

Attention: Privacy Officer
2280 Bloor Street West, 2nd Floor
Toronto, ON M6S 1N9
Telephone:  (416) 763-8914
Email: privacyofficer@bcufinancial.com

Concerns or Complaints Related to Privacy Matters

All concerns and Complains related BCU Financial’s privacy practices, this Privacy Policy, or compliance with PIPEDA or the Code should be directed to the Privacy Officer (contact information found above).

If you are not satisfied with the information provided to you by us, you may also contact:

The Office of the Privacy Commissioner of Canada
30, Victoria Street
Gatineau, Quebec
K1A 1H3
Phone: (819) 994-544
Website: www.priv.gc.ca

Financial Services Regulatory Authority (FSRA)
5160 Yonge Street, 16th Floor
Toronto, Ontario
M2N 6L9

Telephone: 416-250-7250
Email: contactcentre@fsrao.ca

Updates and Amendments to this Privacy Policy

We may update and amend this Privacy Policy at any time, without notice, and any changes are effective when posted to our websites. Please check this page periodically for updates.